I believe I'm patched and not showing any vulnerable keys but every key I'm trying to upload gets denied...
Thoughts? Running the latest Ubuntu release that appears to be patched (all updates have been run, ssh-vulkey shows no blacklisted keys). I've wiped my .ssh dir and regenerated everything On May 19, 9:41 pm, "Adam Wiggins" <[EMAIL PROTECTED]> wrote: > You guys may know about the Debian ssh key vulnerability announced last week: > > http://www.ubuntu.com/usn/usn-612-2 > > If you haven't, here's the quick summary: keys generated on Debian and > Debian-derived distros, including Ubuntu, may be weak. We've thereby > had to revoke any weak keys that have been uploaded to us in the past, > as well as regenerate our own host keys. > > The two ways this will affect you is: > > - You'll get a host-key has change / man-in-the-middle message when > you try to do git push, git pull, or heroku clone. This looks like > this on openssh: > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > Edit your .ssh/known_hosts file to remove the line with the heroku.com > host key, or just delete the entire file. > > - If your key is weak, you'll get a permission denied now. Regenerate > your key (i.e., ssh-keygen -t rsa or dsa) and run heroku > upload_authkey. > > Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/heroku?hl=en -~----------~----~----~----~------~----~------~--~---
